package com.qf.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class Demo3Controller {
    @GetMapping("/p/add")
    // 前置的权限拦截注解,hasAuthority是固定的函数
    // system:user:add 数据库中查询出的权限标记
    @PreAuthorize("hasAuthority('system:user:add')")
    public String add() {
        System.out.println("add");
        return "p-add";
    }

    @GetMapping("/p/del")
    @PreAuthorize("hasAuthority('system:user:del')")
    public String del() {
        return "p-del";
    }

    @GetMapping("/p/list")
    @Secured({"ROLE_超级管理员"})
    public String list() {
        return "p-list";
    }

}
